Friday, July 26, 2013

OSPF MD5 Authentication


Pic. 1 - Topology Diagram.


Task 1
Reconfigure OSPF authentication between R1 and R2. Use the password 'G33K' and the most secure option to accomplish this. Do not change Simple Password authentication configured on the remaining routers (configured in the previous lab).

Questions
Try to answer the following questions:
  1. When MD5 authentication is enabled, what should match between routers in order to establish FULL adjacency?
  2. What is the order of operations if an OSPF authentication method is configured both in the routing context and on an interface?
Lab Solution

Solution configuration below:

Task 1
Reconfigure OSPF authentication between R1 and R2. Use the password 'G33K' and the most secure option to accomplish this. Do not change Simple Password authentication configured on the remaining routers (configured in the previous lab).
R1 Config:
!
interface FastEthernet0/0
 no ip ospf authentication-key 
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 G33K
!
R2 Config:
!
interface FastEthernet0/0
 no ip ospf authentication
 no ip ospf authentication-key
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 G33K
!

What You Should See


Pic. 2.


Notice that R1 shows up as an OSPF neighbor in FULL state and that R2's routing table has been populated again. Also, take a look at pic. 3. The last two lines show that key 1 and the MD5 method have been used.


Pic. 3.

Study Drill

With the OSPF MD5 authentication method, you can change passwords by adding an extra key with the new password. If you do so, there is no interruption in the service (you will see it in the next lab).

When using OSPF MD5 authentication, both the 'key number' and the 'password' must be identical on the two routers in order to establish FULL state between neighbors.

Experiment by changing the 'key number' on R2 (and leaving key=1 on R1). Use 'debug ip ospf adj' to see the result of that change. Then, configure key=1 on R2 back again, but change the password instead. Observe the output of the debug. Find the differences between the two debug outputs.
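Why the two experiments fail at different points can be seen from the receiver-side check in RFC 2328 Appendix D, sketched below as an added example (not part of the original lab and not IOS code). The function names, the result strings, the sample Hello body and the second key 'N3WK3Y' are constructed for illustration; sequence-number (replay) checking is left out.

```python
import hashlib
import hmac
import struct

AUTYPE_CRYPTO = 2   # OSPFv2 AuType 2 = cryptographic authentication
DIGEST_LEN = 16     # MD5 output size; also the padded key size

def pad_key(password):
    """Zero-pad the shared secret to the 16 bytes the digest is computed over."""
    raw = password.encode("ascii")
    if len(raw) > DIGEST_LEN:
        raise ValueError("OSPF MD5 key is limited to 16 bytes")
    return raw.ljust(DIGEST_LEN, b"\x00")

def sign(body, key_id, password, seq, router_id=b"\x01\x01\x01\x01"):
    """Sender side: 24-byte OSPFv2 header + body, MD5 digest appended."""
    header = struct.pack("!BBH4s4sHHHBBI",
                         2, 1, 24 + len(body),   # version, type (Hello), length
                         router_id, bytes(4),    # router ID, area 0
                         0, AUTYPE_CRYPTO,       # checksum unused, AuType
                         0, key_id, DIGEST_LEN, seq)
    packet = header + body
    # The digest covers the packet followed by the padded key; the length
    # field in the header does not count the appended digest.
    return packet + hashlib.md5(packet + pad_key(password)).digest()

def verify(wire, local_keys):
    """Receiver side: pick the key by Key ID, then compare digests."""
    (length,) = struct.unpack("!H", wire[2:4])
    autype, _, key_id, auth_len, _seq = struct.unpack("!HHBBI", wire[14:24])
    if autype != AUTYPE_CRYPTO:
        return "autype-mismatch"
    if key_id not in local_keys:
        return "unknown-key-id"        # never reaches the digest check
    expected = hashlib.md5(wire[:length] + pad_key(local_keys[key_id])).digest()
    received = wire[length:length + auth_len]
    return "ok" if hmac.compare_digest(received, expected) else "digest-mismatch"

# Constructed sample: placeholder Hello body, not a capture from the lab.
HELLO = sign(bytes(20), key_id=1, password="G33K", seq=1)

if __name__ == "__main__":
    for keys in ({1: "G33K"}, {2: "G33K"}, {1: "g33k"}, {1: "G33K", 2: "N3WK3Y"}):
        print(keys, "->", verify(HELLO, keys))
```

The last case mirrors the key rollover mentioned above: a receiver that holds both the old and the new key still accepts packets signed with key 1.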